[OpenAFS] Fw: Re: significant delay for afs user to login as root via su

[ematlis@yahoo.com]

Meant to post here as well...=0A=0A--- On Mon, 3/29/10, ematlis@yahoo.com <=
ematlis@yahoo.com> wrote:=0A=0A> From: ematlis@yahoo.com <ematlis@yahoo.com=
>=0A> Subject: Re: significant delay for afs user to login as root via su=
=0A> To: "Andrew Deason" <adeason@sinenomine.net>=0A> Date: Monday, March 2=
9, 2010, 12:36 PM=0A> Thanks for the follow up.=A0 I was=0A> about to imple=
ment that suggestion, but I just discovered=0A> I'm having some problems wi=
th logins.=A0 I'm seeing this=0A> in my /var/log/messages:=0A> =0A> Mar 29 =
12:41:56 aerogold pulseaudio[2484]: core-util.c:=0A> Failed to symlink=0A> =
/afs/nd.edu/user12/ematlis/.pulse/f2823c772656aa9192bdc8574b58d8da-runtime.=
tmp=0A> to /tmp/pulse-3kMM0lVbHDR3: Permission denied=0A> Mar 29 12:41:56 a=
erogold pulseaudio[2484]: core-util.c:=0A> Failed to symlink=0A> /afs/nd.ed=
u/user12/ematlis/.pulse/f2823c772656aa9192bdc8574b58d8da-runtime.tmp:=0A> P=
ermission denied=0A> Mar 29 12:41:56 aerogold pulseaudio[2484]:=0A> lock-au=
tospawn.c: Cannot access autospawn lock.=0A> Mar 29 12:41:56 aerogold pulse=
audio[2484]: main.c: Failed=0A> to acquire autospawn lock=0A> Mar 29 12:42:=
01 aerogold pulseaudio[2501]: core-util.c:=0A> Failed to symlink=0A> /afs/n=
d.edu/user12/ematlis/.pulse/f2823c772656aa9192bdc8574b58d8da-runtime.tmp=0A=
> to /tmp/pulse-eF6yrRvV9p8V: Permission denied=0A> Mar 29 12:42:01 aerogol=
d pulseaudio[2501]: core-util.c:=0A> Failed to symlink=0A> /afs/nd.edu/user=
12/ematlis/.pulse/f2823c772656aa9192bdc8574b58d8da-runtime.tmp:=0A> Permiss=
ion denied=0A> Mar 29 12:42:01 aerogold pulseaudio[2501]:=0A> lock-autospaw=
n.c: Cannot access autospawn lock.=0A> Mar 29 12:42:01 aerogold pulseaudio[=
2501]: main.c: Failed=0A> to acquire autospawn lock=0A> Mar 29 12:42:06 aer=
ogold gnome-session[2365]: WARNING:=0A> Application 'metacity.desktop' fail=
ed to register before=0A> timeout=0A> Mar 29 12:42:06 aerogold pulseaudio[2=
507]: core-util.c:=0A> Failed to symlink=0A> /afs/nd.edu/user12/ematlis/.pu=
lse/f2823c772656aa9192bdc8574b58d8da-runtime.tmp=0A> to /tmp/pulse-SMCaIesk=
t4fs: Permission denied=0A> Mar 29 12:42:06 aerogold pulseaudio[2507]: core=
-util.c:=0A> Failed to symlink=0A> /afs/nd.edu/user12/ematlis/.pulse/f2823c=
772656aa9192bdc8574b58d8da-runtime.tmp:=0A> Permission denied=0A> Mar 29 12=
:42:06 aerogold pulseaudio[2507]:=0A> lock-autospawn.c: Cannot access autos=
pawn lock.=0A> Mar 29 12:42:06 aerogold pulseaudio[2507]: main.c: Failed=0A=
> to acquire autospawn lock=0A> Mar 29 12:42:11 aerogold acpid: client 2197=
[0:0] has=0A> disconnected=0A> Mar 29 12:42:11 aerogold acpid: client conne=
cted from=0A> 2197[0:0]=0A> Mar 29 12:42:11 aerogold acpid: 1 client rule l=
oaded=0A> Mar 29 12:42:30 aerogold gnome-session[2365]: WARNING:=0A> Unable=
 to query client: Client is not registered=0A> Mar 29 12:42:30 aerogold gno=
me-session[2365]: WARNING:=0A> Unable to query client: Client is not regist=
ered=0A> Mar 29 12:42:30 aerogold gnome-session[2365]: WARNING:=0A> Unable =
to query client: Client is not registered=0A> Mar 29 12:42:30 aerogold gnom=
e-session[2365]: WARNING:=0A> Unable to query client: Client is not registe=
red=0A> Mar 29 12:42:30 aerogold gnome-session[2365]: WARNING:=0A> Unable t=
o query client: Client is not registered=0A> Mar 29 12:42:30 aerogold gnome=
-session[2365]: WARNING:=0A> Unable to query client: Client is not register=
ed=0A> Mar 29 12:42:30 aerogold gnome-session[2365]: WARNING:=0A> Unable to=
 stop client: Client is not registered=0A> Mar 29 12:42:30 aerogold gnome-s=
ession[2365]: WARNING:=0A> Unable to stop client: Client is not registered=
=0A> Mar 29 12:42:30 aerogold gnome-session[2365]: WARNING:=0A> Unable to s=
top client: Client is not registered=0A> =0A> =0A> This is happening with a=
ny user that logs in.=A0 It's=0A> taking for ever for their log in process =
to complete as a=0A> result.=0A> =0A> When I do log in from the console, th=
at is to say from in=0A> front of the machine, I get an error dialog window=
 which=0A> pops up saying roughly that it couldn't modify .ICEauthority=0A>=
 in my home directory, even though I have rw=0A> priviledges.=A0 Help!=0A> =
=0A> Any thoughts?=0A> =0A> thanks,=0A> eric=0A> =0A> --- On Mon, 3/29/10, =
Andrew Deason <adeason@sinenomine.net>=0A> wrote:=0A> =0A> > From: Andrew D=
eason <adeason@sinenomine.net>=0A> > Subject: Re: significant delay for afs=
 user to login=0A> as root via su=0A> > To: ematlis@yahoo.com=0A> > Date: M=
onday, March 29, 2010, 10:24 AM=0A> > On Thu, 18 Mar 2010 13:09:23 -0700=0A=
> > (PDT)=0A> > ematlis@yahoo.com=0A> > wrote:=0A> > =0A> > > Right, I agre=
e with you.=0A> > > =0A> > > I guess my original concern was that the su de=
lay=0A> was=0A> > symptomatic of=0A> > > some larger problem with my AFS or=
 PAM setup.=A0=0A> > But if it's really only=0A> > > going to happen in the=
 narrow set of=0A> circumstances=0A> > I've outlined, then=0A> > > it's not=
 a critical issue; it's not like many of=0A> the=0A> > AFS accounts will=0A=
> > > have su access anyway.=0A> > =0A> > (This thread is a bit old; sorry,=
 fell of my radar)=0A> > =0A> > If you're fine with that, that's fine, but =
just so=0A> you=0A> > know, there are=0A> > potential other problems with h=
aving .Xauthority in=0A> AFS.=0A> > That is, it's a=0A> > good idea to forc=
e it into /tmp or /var/tmp or=0A> /var/run=0A> > regardless.=0A> > =0A> > Y=
ou may experience less performance just in general=0A> for=0A> > launching =
X=0A> > apps. It can also mess stuff up if you try to use X=0A> from=0A> > =
more than one=0A> > machine at once (and both machines have your home dir=
=0A> in=0A> > AFS), and it=0A> > can be really insecure. If you have .Xauth=
ority in=0A> your AFS=0A> > home=0A> > directory, anyone with 'r' permissio=
ns on your home=0A> dir can=0A> > mess with=0A> > your X display.=0A> > =0A=
> > So it may be worthwhile to fix anyway. I think Booker=0A> > Bense's sug=
gestion=0A> > here:=0A> > <http://lists.openafs.org/pipermail/openafs-info/=
2010-March/033273.html>=0A> > is probably the easiest way to fix this for e=
veryone=0A> on the=0A> > machine. You=0A> > just need to add that line he m=
entions to=0A> > /etc/security/pam_env.conf; I=0A> > think that should be a=
ll you need to do, but I don't=0A> mind=0A> > assisting if=0A> > that doesn=
't work.=0A> > =0A> > -- =0A> > Andrew Deason=0A> > adeason@sinenomine.net=
=0A> > =0A> =0A> =0A> =A0 =0A> =0A=0A=0A